An overwhelming 96 per cent of British businesses fear that their information security functions do not fully meet their needs – making cyber attacks the greatest threat to survival of UK businesses today.
That's the finding of Ernst & Young's Global Information Security Survey 2013 report, which says budget constraints (69 per cent) and lack of skilled staff (66 per cent) are the biggest challenges in combating the cyber threat.
It means that just 4 per cent of companies have full information security teams, even though 66 per cent have reported an increase in external threats during the last year.
Mark Brown, information security director at EY, said: “This year's results show that while businesses are faced with a rising number of security breaches, budget constraints and talent shortages mean that they fail to put in place those systems that match their needs.
“As a result, for UK businesses, this is no longer an issue of whether they will be attacked - the reality is that organisations need to now focus their efforts on determining when the attack took place and identifying that they fell victim to the cyber threat in the first place.”
EY canvassed more than 1,900 senior executives globally, with 66 per cent of those in the UK reporting that the number of security incidents in their organisation has grown by at least 5 per cent over the last 12 months.
Many have realised the scale of the threat facing them - resulting in information security now being ‘owned' at the highest level in 62 per cent of the organisations surveyed.
But with just a quarter of respondents planning to increase their security budget by 5 per cent or more in the next 12 months, 69 per cent of information security professionals feel their budget is insufficient and cite this as their number one challenge to operating at the levels the business expects.
Meanwhile, the report finds 52 per cent of organisations lack the capability to assess the impact of emerging technologies on their information security.
The study says that while security teams are focused on the right priorities, often they don't have the skilled resources or executive support needed to address them.
In particular, the skills gap is creating a sellers' market, with 66 per cent of respondents citing a lack of skilled staff as a barrier to value creation. Likewise, 28 per cent indicated a lack of executive awareness or support as an issue.
Brown commented: “A lack of skilled talent is a global issue. It is particularly acute in the UK, where government and companies are fiercely competing to recruit the brightest talent to their teams from a very small pool. As a result, while organisations feel they are addressing the right priorities, many indicate that they do not have the skilled resources to support their needs.”
He added: “Not considering risks until they arise gives cyber attackers the advantage, jeopardizing an organisation's survival.”
Adrian Culley, global technical consultant at advanced threat protection vendor, Damballa, agreed: “As the report highlights, addressing this threat with skilled resources is a particular issue for organisations. Whilst there are many excellent initiatives running to raise skill levels it is a challenge to find cyber security staff with the appropriate blend of knowledge, skills and experience.”